Lockey Ransomware Removal (+File Recovery) Feb. 2018 Update

The encrypted files may not be the only damage done to you. parasite may still be hiding on your PC. To determine whether you've been infected with ransomware, we recommend downloading SpyHunter.

Download SpyHunter Anti-Malware

More information on SpyHunter, steps to uninstallEULAThreat Assessment Criteria, and Privacy Policy.

This page aims to help you remove Lockey Ransomware for free. Our instructions also cover how any Lockey Ransomware file can be recovered.

The main topic of the text below is the infection with a ransom-requesting, file-encrypting program, known as Lockey Ransomware. As you may already be expecting, this program is more than simply malicious and falls into the Ransomware group of viruses. In general, this classification means your most frequently used data may get hijacked via a complex encryption process that you may not be able to stop. In spite of that, it is ultimately worth reading the next passages to get well-informed and see how to cope with such malware. Ransomware is known as the most malicious virus family ever developed. Generally, it is believed to have originated in Russia at some point at the end of the 20th century. Today we distinguisg two main types of ransom-requiring programs:

  • file-encrypting, the subcategory Lockey Ransomware is a member of – expert at sealing certain files on your various PC storage spaces;
  • screen-locking, the subgroup, whose members are simply capable of targeting the screens of all devices such  as computers/ laptops/ smartphones and tablets; and lock them up, requiring your money for making them accessible to you back again.

The most terrifying Ransomware subcategory – the data-encrypting viruses, and how they typically work:

To begin with, these malicious programs can invade your PC on their own or with some help. The infection may occur in various ways. Nevertheless, it is very likely to take place through email letters and their attachments. Once you load any of them, contamination may follow. It is even probable that such a letter could include a Trojan virus version. One more likely case is to get contaminated by this malicious program by visiting contagious websites. Moreover, you may end up infected if you follow a malicious ad – clicking on such an ad might redirect you to an infected web page, where various forms of malware could automatically infect your device. Still, there are many other different possible sources such as torrents and video-streaming web pages. In such a case the method of infiltration is quite the same: you get attacked by such a virus automatically, as soon as you get exposed to one. The second stage of the infection process is the review that Lockey Ransomware can perform of all your system data storage spaces. This research will target all your disks and will be focused on finding the files, which have been accessed most frequently. Later on, it will prepare a list with all such data.

Following that, the contamination process occurs. Typically, Lockey Ransomware proceeds with rendering all the pre-enlisted files totally unavailable to you. After every single file from the aforementioned list has been eventually encrypted, you receive a special threatening alert informing you about all that. Usually, such a notification includes all the details about paying the demanded ransom, and oftentimes – even some extra scarier threats about the future of the locked-up data.

Lockey Ransomware Removal


Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).



We get asked this a lot, so we are putting it here: Removing parasite manually may take hours and damage your system in the process. We recommend downloading SpyHunter to see if it can detect parasite files for you.

Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine which processes are dangerous. 


Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:

Drag and Drop Files Here to Scan
Maximum file size: 128MB.

This scanner is free and will always remain free for our website's users. You can find its full-page version at: https://howtoremove.guide/online-virus-scanner/

Scan Results

Virus Scanner Result

After you open their folder, end the processes that are infected, then delete their folders. 

After you open their folder, end the processes that are infected, then delete their folders. 

Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections.


Hold the Start Key and R –  copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

hosts_opt (1)

If there are suspicious IPs below “Localhost” – write to us in the comments.

Type msconfig in the search field and hit enter. A window will pop-up:


Go in Startup —> Uncheck entries that have “Unknown” as Manufacturer.

  • Please note that ransomware may even include a fake Manufacturer name to its process. Make sure you check out every process here is legitimate.


To remove parasite on your own, you may have to meddle with system files and registries. If you were to do this, you need to be extremely careful, because you may damage your system.

If you want to avoid the risk, we recommend downloading SpyHunter
a professional malware removal tool.

More information on SpyHunter, steps to uninstallEULAThreat Assessment Criteria, and Privacy Policy.

Type Regedit in the windows search field and press EnterOnce inside, press CTRL and F together and type the virus’s Name. 

Search for the ransomware  in your registries and delete the entries. Be extremely careful –  you can damage your system if you delete entries not related to the ransomware.

Type each of the following in the Windows Search Field:

  1. %AppData%
  2. %LocalAppData%
  3. %ProgramData%
  4. %WinDir%
  5. %Temp%

Delete everything in Temp. The rest just check out for anything recently added. Remember to leave us a comment if you run into any trouble!


How to Decrypt Lockey Ransomware files

We have a comprehensive (and daily updated) guide on how to decrypt your files. Check it out here.

If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!

Is paying the ransom going to be enough to solve such a serious problem after all?

Unfortunately, in the most common case – this is NOT what happens after you pay. In reality, the hackers could simply keep your data encrypted for good when they have  already received your payment. If we were in your shoes, we would not bother paying any cyber criminals. At least not until we have made every other possible attempt to solve the problem ourselves. The following might help:

  • Simply ask an expert for help and assistance. Maybe some professionals have their original means of coping with such hazardous viruses. Furthermore, it is in fact more sensible to pay for assistance or know-how, and perhaps in the end recover your data, than to just give money to the harassing people behind this threat. However, sometimes even some of the people with experience in this field may admit to being unable to find a working solution to the issue with Lockey Ransomware and similar threats.
  • See whether you are capable of removing this infection by following the steps in our specially designed Removal Guide. Doing that might indeed help you, but you get no guarantee of its positive outcome whatsoever.

What will actually work out when we want to fight Ransomware:

There is only one tested manner of successfully dealing with Ransomware. Not surprisingly, it is prevention. This has always been the most efficient choice. What you need to do is to try hard to always BACK UP all your valuable data as regularly as you can and make this a habit of yours.


Name Lockey
Type Ransomware
Danger Level High (Ransomware is by far the worst threat you can encounter)
Symptoms Very few and unnoticeable ones before the ransom notification comes up.
Distribution Method From fake ads and fake system requests to spam emails and contagious web pages.
Data Recovery Tool Currently Unavailable
Detection Tool

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you’ll need to purchase the full version. More information about SpyHunter and steps to uninstall.

Leave a Comment